defaultModel = $name; } public $components = array( 'Session', 'Auth' => array( 'className' => 'SecureAuth', 'authenticate' => array( 'Form' => array( 'fields' => array('username' => 'email') ) ), 'authError' => 'Unauthorised access.', 'loginRedirect' => array('controller' => 'users', 'action' => 'routeafterlogin'), 'logoutRedirect' => array('controller' => 'users', 'action' => 'login'), //'authorize' => array('Controller', // Added this line //'Actions' => array('actionPath' => 'controllers')) // TODO ACL, 4: tell actionPath ) ); public function beforeFilter() { // user must accept terms // // TODO $this->Session->check('Auth.User') (16:32:45) think this was documented as check('Auth') if ($this->Session->check('Auth.User') && !$this->Auth->user('termsaccepted') && (!in_array($this->request->here, array('/users/terms', '/users/logout', '/users/login')))) { $this->redirect(array('controller' => 'users', 'action' => 'terms', 'admin' => false)); } if ($this->Session->check('Auth.User') && $this->Auth->user('change_pw') && (!in_array($this->request->here, array('/users/terms', '/users/change_pw', '/users/logout', '/users/login')))) { $this->redirect(array('controller' => 'users', 'action' => 'change_pw', 'admin' => false)); } // REST things if ($this->_isRest()) { // disable CSRF for REST access if (array_key_exists('Security', $this->components)) $this->Security->csrfCheck = false; // Authenticate user with authkey in Authorization HTTP header if (!empty($_SERVER['HTTP_AUTHORIZATION'])) { $user = $this->checkAuthUser($_SERVER['HTTP_AUTHORIZATION']); if ($user) { // User found in the db, add the user info to the session $this->Session->renew(); $this->Session->write(AuthComponent::$sessionKey, $user['User']); } else { // User not authenticated correctly // reset the session information $this->Session->destroy(); throw new ForbiddenException('The authentication key provided cannot be used for syncing.'); } } } // We don't want to run these role checks before the user is logged in, but we want them available for every view once the user is logged on // instead of using checkAction(), like we normally do from controllers when trying to find out about a permission flag, we can use getActions() // getActions returns all the flags in a single SQL query if ($this->Auth->user()) { $role = $this->getActions(); $this->set('me', $this->Auth->user()); $this->set('isAdmin', $role['perm_admin']); $this->set('isSiteAdmin', $this->_isSiteAdmin()); $this->set('isAclAdd', $role['perm_add']); $this->set('isAclModify', $role['perm_modify']); $this->set('isAclModifyOrg', $role['perm_modify_org']); $this->set('isAclPublish', $role['perm_publish']); $this->set('isAclSync', $role['perm_sync']); $this->set('isAclAdmin', $role['perm_admin']); $this->set('isAclAudit', $role['perm_audit']); $this->set('isAclAuth', $role['perm_auth']); } else { $this->set('me', false); $this->set('isAdmin', false); $this->set('isSiteAdmin', false); $this->set('isAclAdd', false); $this->set('isAclModify', false); $this->set('isAclModifyOrg', false); $this->set('isAclPublish', false); $this->set('isAclSync', false); $this->set('isAclAdmin', false); $this->set('isAclAudit', false); $this->set('isAclAuth', false); } } //public function blackhole($type) { // // handle errors. // throw new Exception(__d('cake_dev', 'The request has been black-holed')); // //throw new BadRequestException(__d('cake_dev', 'The request has been black-holed')); //} protected function _isRest() { return (isset($this->RequestHandler) && $this->RequestHandler->isXml()); } /** * Convert an array to the same array but with the values also as index instead of an interface_exists */ protected function _arrayToValuesIndexArray($oldArray) { $newArray = Array(); foreach ($oldArray as $value) $newArray[$value] = $value; return $newArray; } /** * checks if the currently logged user is an administrator (an admin that can manage the users and events of his own organisation) */ protected function _isAdmin() { $org = $this->Auth->user('org'); if ((isset($org) && $org === 'ADMIN') || $this->checkAction('perm_admin')) { return true; } return false; } /** * checks if the currently logged user is a site administrator (an admin that can manage any user or event on the instance and create / edit the roles). */ protected function _isSiteAdmin() { $org = $this->Auth->user('org'); if (isset($org) && $org === 'ADMIN') { return true; } return false; } protected function _checkOrg() { return $this->Auth->user('org'); } /** * Refreshes the Auth session with new/updated data * @return void */ protected function _refreshAuth() { if (isset($this->User)) { $user = $this->User->read(false, $this->Auth->user('id')); } else { $this->loadModel('User'); $this->User->recursive = -1; $user = $this->User->findById($this->Auth->user('id')); } $this->Auth->login($user['User']); } public function generateCorrelation() { if (!self::_isSiteAdmin()) throw new NotFoundException(); $this->loadModel('Correlation'); $this->Correlation->deleteAll(array('id !=' => ''), false); $this->loadModel('Attribute'); $fields = array('', 'Attribute.event_id', 'Attribute.private', 'Attribute.cluster', '', ''); // get all attributes.. $attributes = $this->Attribute->find('all',array('recursive' => 0)); // for all attributes.. foreach ($attributes as $attribute) { $this->Attribute->__afterSaveCorrelation($attribute['Attribute']); } $this->Session->setFlash(__('All done.')); $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false)); } /** * * @param $action * @return boolean */ // pass an action to this method for it to check the active user's access to the action public function checkAction($action = 'perm_sync') { $this->loadModel('Role'); $this->Role->recursive = -1; $role = $this->Role->findById($this->Auth->user('role_id')); if ($role['Role'][$action]) return true; return false; } // returns the role of the currently authenticated user as an array, used to set the permission variables for views in the AppController's beforeFilter() method public function getActions() { $this->loadModel('Role'); $this->Role->recursive = -1; $role = $this->Role->findById($this->Auth->user('role_id')); return $role['Role']; } /** * * @param unknown $authkey * @return boolean or user array */ public function checkAuthUser($authkey) { $this->loadModel('User'); $this->User->recursive = -1; $user = $this->User->findByAuthkey($authkey); if (isset($user['User'])) { $this->loadModel('Role'); $this->Role->recursive = -1; $role = $this->Role->findById($user['User']['role_id']); if ($role['Role']['perm_auth']) { return $user; } } return false; } public function generatePrivate() { $this->generatePrivateForAttributes(); $this->generatePrivateForEvents(); } public function generatePrivateForAttributes() { if (!self::_isSiteAdmin()) throw new NotFoundException(); $this->loadModel('Attribute'); $attributes = $this->Attribute->find('all', array('recursive' => 0)); foreach ($attributes as $attribute) { if ($attribute['Attribute']['private']) { $attribute['Attribute']['private'] = true; $attribute['Attribute']['cluster'] = false; $attribute['Attribute']['communitie'] = false; } else { $attribute['Attribute']['private'] = false; $attribute['Attribute']['cluster'] = false; $attribute['Attribute']['communitie'] = false; } $this->Attribute->save($attribute); } } public function generatePrivateForEvents() { if (!self::_isSiteAdmin()) throw new NotFoundException(); $this->loadModel('Event'); $events = $this->Event->find('all', array('recursive' => 0)); foreach ($events as $event) { if ($event['Event']['private']) { $event['Event']['private'] = true; $event['Event']['cluster'] = false; $event['Event']['communitie'] = false; } else { $event['Event']['private'] = false; $event['Event']['cluster'] = false; $event['Event']['communitie'] = false; } $event['Event']['orgc'] = $event['Event']['org']; $event['Event']['dist_change'] = 0; $event['Event']['analysis'] = 2; $this->Event->save($event); } } public function generateCount() { if (!self::_isSiteAdmin()) throw new NotFoundException(); $this->loadModel('Event'); $events = $this->Event->find('all', array('recursive' => 1)); foreach ($events as $event) { $event['Event']['attribute_count'] = sizeof($event['Attribute']); $this->Event->save($event); } $this->Session->setFlash(__('All done.')); $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false)); } /** * CakePHP returns false if filesize is 0 at lib/cake/Utility/File.php:384 */ public function checkEmpty($fileP = '/var/www/cydefsig/app/files/test') { // Check if there were problems with the file upload // only keep the last part of the filename, this should prevent directory attacks $filename = basename($fileP); $tmpfile = new File($fileP); debug($fileP); debug($tmpfile); debug($tmpfile->size()); debug($tmpfile->md5()); debug(md5_file($fileP)); $md5 = !$tmpfile->size() ? md5_file($fileP) : $tmpfile->md5(); debug($md5); } /** * generateAllFor * * @throws NotFoundException // TODO Exception **/ public function generateAllFor($field) { if (!self::_isSiteAdmin()) throw new NotFoundException(); // contain the newValue and oldValue $methodArgs = $this->params['pass']; // use call_user_func_array() to pass the newValue and oldValue $success = call_user_func_array(array($this->{$this->defaultModel}, 'generateAllFor' . $field), $methodArgs); // give feedback $this->set('succes', $success); $this->render('succes'); } public function call($method, $dummySecond) { $this->__call($method, $dummySecond); } public function __call($method, $dummySecond) { $args = $this->params['pass']; // TODO this is naughty if (strpos($method, 'generateAllFor') === 0) { // massage the args $methodArgs = $args; $methodArgs[0] = str_replace('generateAllFor', '', $method); // TODO //array_unshift($methodArgs, str_replace('generateAllFor', '', $method)); // do the actual call return call_user_func_array(array($this, 'generateAllFor'), $methodArgs); } //if (strpos($method, 'findBy') === 0) { // //debug(true);debug(tru); //} return false; } }